Examples with CryptographyClient com.azure.security.keyvault.keys.cryptography.CryptographyClient used on opensource projects

Example 1 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultWrap.

/**
 * Encrypts the text using specified Azure Key Vault key.
 *
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @param encryptionAlgorithm
 *        - Encryption Algorithm.
 * @param columnEncryptionKey
 *        - Plain text Column Encryption Key.
 * @return Returns an encrypted blob or throws an exception if there are any errors.
 * @throws SQLServerException
 */
private byte[] AzureKeyVaultWrap(String masterKeyPath, KeyWrapAlgorithm encryptionAlgorithm, byte[] columnEncryptionKey) throws SQLServerException {
    if (null == columnEncryptionKey) {
        throw new SQLServerException(SQLServerException.getErrString("R_CEKNull"), null);
    }
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    WrapResult wrappedKey = cryptoClient.wrapKey(KeyWrapAlgorithm.RSA_OAEP, columnEncryptionKey);
    return wrappedKey.getEncryptedKey();
}

Example 2 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method getCryptographyClient.

private CryptographyClient getCryptographyClient(String masterKeyPath) throws SQLServerException {
    if (this.cachedCryptographyClients.containsKey(masterKeyPath)) {
        return cachedCryptographyClients.get(masterKeyPath);
    }
    KeyVaultKey retrievedKey = getKeyVaultKey(masterKeyPath);
    CryptographyClient cryptoClient;
    if (null != credential) {
        cryptoClient = new CryptographyClientBuilder().credential(credential).keyIdentifier(retrievedKey.getId()).buildClient();
    } else {
        cryptoClient = new CryptographyClientBuilder().pipeline(keyVaultPipeline).keyIdentifier(retrievedKey.getId()).buildClient();
    }
    cachedCryptographyClients.putIfAbsent(masterKeyPath, cryptoClient);
    return cachedCryptographyClients.get(masterKeyPath);
}

Example 3 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultVerifySignature.

/**
 * Verifies the given RSA PKCSv1.5 signature.
 *
 * @param dataToVerify
 * @param signature
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @return true if signature is valid, false if it is not valid
 * @throws SQLServerException
 */
private boolean AzureKeyVaultVerifySignature(byte[] dataToVerify, byte[] signature, String masterKeyPath) throws SQLServerException {
    assert ((null != dataToVerify) && (0 != dataToVerify.length));
    assert ((null != signature) && (0 != signature.length));
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    VerifyResult valid = cryptoClient.verify(SignatureAlgorithm.RS256, dataToVerify, signature);
    return valid.isValid();
}

Example 4 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultUnWrap.

/**
 * Encrypts the text using specified Azure Key Vault key.
 *
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @param encryptionAlgorithm
 *        - Encrypted Column Encryption Key.
 * @param encryptedColumnEncryptionKey
 *        - Encrypted Column Encryption Key.
 * @return Returns the decrypted plaintext Column Encryption Key or throws an exception if there are any errors.
 * @throws SQLServerException
 */
private byte[] AzureKeyVaultUnWrap(String masterKeyPath, KeyWrapAlgorithm encryptionAlgorithm, byte[] encryptedColumnEncryptionKey) throws SQLServerException {
    if (null == encryptedColumnEncryptionKey) {
        throw new SQLServerException(SQLServerException.getErrString("R_EncryptedCEKNull"), null);
    }
    if (0 == encryptedColumnEncryptionKey.length) {
        throw new SQLServerException(SQLServerException.getErrString("R_EmptyEncryptedCEK"), null);
    }
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    UnwrapResult unwrappedKey = cryptoClient.unwrapKey(encryptionAlgorithm, encryptedColumnEncryptionKey);
    return unwrappedKey.getKey();
}

Example 5 with CryptographyClient

use of com.azure.security.keyvault.keys.cryptography.CryptographyClient in project mssql-jdbc by Microsoft.

the class SQLServerColumnEncryptionAzureKeyVaultProvider method AzureKeyVaultSignHashedData.

/**
 * Generates signature based on RSA PKCS#v1.5 scheme using a specified Azure Key Vault Key URL.
 *
 * @param dataToSign
 *        - Text to sign.
 * @param masterKeyPath
 *        - Azure Key Vault key url.
 * @return Signature
 * @throws SQLServerException
 */
private byte[] AzureKeyVaultSignHashedData(byte[] dataToSign, String masterKeyPath) throws SQLServerException {
    assert ((null != dataToSign) && (0 != dataToSign.length));
    CryptographyClient cryptoClient = getCryptographyClient(masterKeyPath);
    SignResult signedData = cryptoClient.sign(SignatureAlgorithm.RS256, dataToSign);
    return signedData.getSignature();
}